Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6221

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

8.1HIGH

EPSS

4.5%

top 10.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Trend Micro Email Encryption Gateway Trendmicro Email Encryption Gateway

Timeline

PublishedMar 15

Latest updateMay 14

Description

An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/email_encryption_gateway5.5

▶CVEListV5trend_micro/trend_micro_email_encryption_gateway5.5

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5jx-63r2-pgwj: An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5↗2022-05-14

▶

CVEList

CVE-2018-6221: An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5↗2018-03-15

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities↗2018-02-22

▶

💬Community

Bugzilla

CVE-2018-8007 couchdb: Administrative Privilege Escalation↗2018-07-13

▶